New intuitive web-based interface allows multi-user access London, UK – November 2016 – Acunetix, the pioneer in automated web application security software, has announced the release of version 11. New integrated vulnerability management features extend the enterprise’s ability to comprehensively manage, prioritise and control vulnerability threats – ordered by business criticality. Version 11 includes a […]

The Heartbleed Bug took the world by storm the moment the vulnerability became public. Heartbleed Bug is a serious vulnerability in the widely used OpenSSL cryptographic library. This weakness allows theft of data resident in the server’s memory, which generally comprises SSL/TLS encrypted information, including the server’s SSL private keys.

According to Netcraft’s April 2014 Web Server Survey, it was estimated that when the Heartbleed Bug was announced, the two most widely used open source web servers, Apache and nginx, contained a version of OpenSSL that was vulnerable to the Heartbleed Bug. The combined market share of Apache and nginx alone constitutes to over 66% of active sites on the Internet.

However, the story of the Heartbleed Bug does not simply end at Apache and nginx. Hundreds of other services, application software and operating systems make use of OpenSSL for purposes that might be entirely unrelated to delivering pages over HTTPS.

This puts the number of Heartbleed victims at a much larger number when services such as email servers (SMTP, POP and IMAP protocols), FTP servers, chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client-side software.

Acunetix OVS will also provide detailed information as to which services are affected by the Heartbleed Bug. In the case of the screenshot above, Acunetix OVS has detected that an FTP server running on an installation of Ubuntu 12.04 LTS (listening on TCP port 21) is vulnerable to the Heartbleed Bug.

Additionally, Acunetix OVS provides details on how to fix the vulnerability, together with detailed information about the vulnerability.